tcpdump mailing list archives
Re: libpcap on Mac Os X 10.6 Snow Leopard
From: Marco De Angelis <thorar () yahoo com>
Date: Wed, 3 Feb 2010 13:03:20 +0000 (UTC)
Guy Harris <guy <at> alum.mit.edu> writes:
it seems that libpcap captures them, but the pcap_dispatch (and pcap_loop as
well) does not deliver packets to the pcap_handler.
What do you mean by "libpcap captures them"? Do you mean that libpcap reads
the packets into the userland
buffer attached to the pcap_t, or that *BPF* captures them (i.e., they get put
into the *kernel* buffer for
the BPF device) but libpcap doesn't read them into its userland buffer?
Good question. Do you know how could I verify the buffer they stay in? Is there some printout I could add before calling pcap_dispatch to see what's in the kernel buffer and what in the userland buffer?
Packets seems to remain in the buffer and they get delivered only when the buffer is full.If you're referring to the BPF kernel buffer, that sounds as if the timeout
mechanism isn't working. That
was a bug that happened in 10.6 and 10.6.1 for 64-bit programs specifying
sub-second timeouts, but that's
fixed in 10.6.2 - *if* you're using libpcap (rather than using raw BPF; the
bug in BPF isn't fixed, it's just
worked around in libpcap).
I'm only using libpcap to access the device, I never perform direct calls on the underlying device (the application has to remain platform-neutral). I'm running on 10.6.2. The timeouts are all set to 1 second.
Is your program built as a 32-bit program or a 64-bit program?
I was compiling for the native os. The lipo -info command says it is i386. Just to be sure, I removed all other architectures (ppc and x86_64) from the list of compilation targets and recompiled. Nothing has changed. I will retry to build it for x86_64 and see if anything changes.
Presumably the tcpdump you downloaded and recompiled was recompiled on Snow
Leopard, which means that, unless your machine has a 32-bit processor It's a 64-bit processor. Anyway, tcpdump works fine. My line of reasoning is: if tcpdump works correctly and it always uses libpcap, then I should be able to capture using the same filter. I just cannot understand what my code (posted earlier) is doing differently from tcpdump. Thanks for the support Marco - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Jan 31)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Jan 31)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 01)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Carter Bullard (Feb 01)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 01)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 01)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Jan 31)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Jan 31)
- <Possible follow-ups>
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 01)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 01)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 03)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 03)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 03)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 09)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Carter Bullard (Feb 09)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 09)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 10)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 10)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 10)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 11)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 12)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 01)